ABSTRACT
Software updates typically require stopping and restarting an application, but many systems cannot afford to halt service, or would prefer not to. Dynamic software updating (DSU) addresses this difficulty by permitting programs to be updated while they run. DSU is appealing compared to other approaches for on-line upgrades because it is quite general and requires no redundant hardware. The challenge is in making DSU practical: it should be flexible, and yet safe, efficient, and easy to use.In this paper, we present Ginseng, a DSU implementation for C that aims to meet this challenge. We compile programs specially so that they can be dynamically patched, and generate most of a dynamic patch automatically. Ginseng performs a series of analyses that when combined with some simple runtime support ensure that an update will not violate type-safety while guaranteeing that data is kept up-to-date. We have used Ginseng to construct and dynamically apply patches to three substantial open-source server programs---Very Secure FTP daemon, OpenSSH sshd daemon, and GNU Zebra. In total, we dynamically patched each program with three years' worth of releases. Though the programs changed substantially, the majority of updates were easy to generate. Performance experiments show that all patches could be applied in less than 5 ms, and that the overhead on application throughput due to updating support ranged from 0 to at most 32%.
- A. Aiken, J. S. Foster, J. Kodumal, and T. Terauchi. Checking and inferring local non-aliasing. In Proc. PLDI, 2003.]] Google Scholar
Digital Library
- G. Altekar, I. Bagrak, P. Burstein, and A. Schultz. OPUS: Online patches and updates for security. In Proc. USENIX Security, 2005.]] Google Scholar
Digital Library
- J. Armstrong, R. Virding, C. Wikstrom, and M. Williams. Concurrent programming in ERLANG (2nd ed.). Prentice Hall International Ltd., 1996.]] Google Scholar
Digital Library
- A. Baumann, J. Appavoo, D. D. Silva, J. Kerr, O. Krieger, and R. W. Wisniewski. Providing dynamic update in an operating system. In Proc. USENIX ATC, 2005.]] Google Scholar
Digital Library
- T. Bloom. Dynamic Module Replacement in a Distributed Programming System. PhD thesis, MIT/LCS, March 1983.]]Google Scholar
- T. Bloom and M. Day. Reconfiguration and module replacement in Argus: theory and practice. Software Engineering Journal, 8(2):102--108, 1993.]]Google Scholar
Cross Ref
- C. Boyapati, B. Liskov, L. Shrira, C.-H. Moh, and S. Richman. Lazy modular upgrades in persistent object stores. In Proc. OOPSLA, 2003.]] Google Scholar
Digital Library
- G. Bronevetsky, M. Schulz, P. Szwed, D. Marques, and K. Pingali. Application-level checkpointing for shared memory programs. In Proc. ASPLOS, 2004.]] Google Scholar
Digital Library
- B. Buck and J. K. Hollingsworth. An API for runtime code patching. Journal of High Performance Computing Applications, 14(4):317--329, 2000.]] Google Scholar
Digital Library
- C. Calcagno. Stratified Operational Semantics for Safety and Correctness of The Region Calculus. In POPL, 2001.]] Google Scholar
Digital Library
- S. Drossopoulou and S. Eisenbach. Flexible, source level dynamic linking and re-linking. In Proc. Workshop on Formal Techniques for Java Programs, 2003.]]Google Scholar
- D. Duggan. Type-based hot swapping of running modules. In ICFP, 2001.]] Google Scholar
Digital Library
- O. Frieder and M. E. Segal. On dynamically updating a computer program: From concept to prototype. The Journal of Systems and Software, 14(2):111--128, 1991.]] Google Scholar
Digital Library
- S. Gilmore, D. Kirli, and C. Walton. Dynamic ML without dynamic types. Technical Report ECS-LFCS-97-378, LFCS, University of Edinburgh, 1997.]]Google Scholar
- A. Goldberg and D. Robson. Smalltalk 80 - the Language and its Implementation. Addison-Wesley, Reading, 1989.]] Google Scholar
Digital Library
- D. Gupta. On-line Software Version Change. PhD thesis, Indian Institute of Technology, Kanpur, November 1994.]]Google Scholar
- M. W. Hicks. Dynamic Software Updating. PhD thesis, The University of Pennsylvania, August 2001.]] Google Scholar
Digital Library
- G. Hjálmtýsson and R. Gray. Dynamic C++ classes, a lightweight mechanism to update code in a running program. In Proc. USENIX ATC, 1998.]] Google Scholar
Digital Library
- Java platform debugger architecture. This supports class replacement. See http://java.sun.com/j2se/1.4.2/docs/guide/jpda/.]]Google Scholar
- The K42 Project. http://www.research.ibm.com/K42/.]]Google Scholar
- J. Kodumal and A. Aiken. Banshee: A scalable constraint-based analysis toolkit. In Proc. SAS, September 2005.]] Google Scholar
Digital Library
- D. E. Lowell, Y. Saito, and E. J. Samberg. Devirtualizable virtual machines enabling general, single-node, online maintenance. In Proc. ASPLOS, 2004.]] Google Scholar
Digital Library
- J. M. Lucassen and D. K. Gifford. Polymorphic Effect Systems. In POPL, 1988.]] Google Scholar
Digital Library
- S. Malabarba, R. Pandey, J. Gragg, E. Barr, and J. F. Barnes. Runtime support for type-safe dynamic java classes. In Proc. ECOOP, 2000.]] Google Scholar
Digital Library
- G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. LNCS, 2304:213--228, 2002.]] Google Scholar
Digital Library
- D. Oppenheimer, A. Brown, J. Beck, D. Hettena, J. Kuroda, N. Treuhaft, D. A. Patterson, and K. Yelick. Roc-1: Hardware support for recovery-oriented computing. IEEE Trans. Comput., 51(2):100--107, 2002.]] Google Scholar
Digital Library
- A. Orso, A. Rao, and M. Harrold. A technique for dynamic updating of Java software. In Proc. ICSM, 2002.]] Google Scholar
Digital Library
- S. Parker. A simple equation: IT on = Business on. The IT Journal, Hewlett Packard, 2001.]]Google Scholar
- J. S. Plank. An overview of checkpointing in uniprocessor and distributed systems, focusing on implementation and performance. Technical Report UT-CS-97-372, Computer Science Department, the University of Tennessee, 1997.]] Google Scholar
Digital Library
- J. M. Smith. A survey of process migration mechanisms. ACM Operating Systems Review, SIGOPS, 22(3):28--40, 1988.]] Google Scholar
Digital Library
- C. Soules, J. Appavoo, K. Hui, D. D. Silva, G. Ganger, O. Krieger, M. Stumm, R. Wisniewski, M. Auslander, M. Ostrowski, B. Rosen-burg, and J. Xenidis. System support for online reconfiguration. In Proc. USENIX ATC, June 2003.]]Google Scholar
- G. Stoyle. A Theory of Dynamic Software Updates. PhD thesis, Computer Laboratory, University of Cambridge. To appear.]]Google Scholar
- G. Stoyle, M. Hicks, G. Bierman, P. Sewell, and I. Neamtiu. Mutatis Mutandis: Safe and predictable dynamic software updating. In Proc. POPL, 2005.]] Google Scholar
Digital Library
- M. Tofte and J.-P. Talpin. Region-based memory management. Information and Computation, 132(2):109--176, 1997.]] Google Scholar
Digital Library
- B. Zorn. Personal communication, based on experience with Microsoft Windows customers, August 2005.]]Google Scholar
Index Terms
Practical dynamic software updating for C
Recommendations
Dynamic software updates: a VM-centric approach
PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and ImplementationSoftware evolves to fix bugs and add features. Stopping and restarting programs to apply changes is inconvenient and often costly. Dynamic software updating (DSU) addresses this problem by updating programs while they execute, but existing DSU systems ...
Practical dynamic software updating for C
Proceedings of the 2006 PLDI ConferenceSoftware updates typically require stopping and restarting an application, but many systems cannot afford to halt service, or would prefer not to. Dynamic software updating (DSU) addresses this difficulty by permitting programs to be updated while they ...
StrongUpdate: An Immediate Dynamic Software Update System for Multi-threaded Applications
Human Centered ComputingAbstractA new immediate Dynamic Software Update (DSU) system upon multi-threaded applications, called StrongUpdate is proposed in this paper. StrongUpdate uses stack reconstruction to update functions and variables in the stack at the same time, which can ...







Comments